JamesTheAwesomeDude/restorecon-xtables-lock.service

## restorecon-xtables-lock.service
# /etc/systemd/system/restorecon-xtables-lock.service
# Fixes	https://bugzilla.redhat.com/show_bug.cgi?id=1436904#c3
# Author: James Edington <james.edington@uah.edu>

# HOWEVER, IF YOU ARE READING THIS, you probably need to be
# configuring the McAfee Firewall *instead of* interacting with iptables yourself:
# https://docs.mcafee.com/bundle/endpoint-security-10.6.6-firewall-product-guide-linux/page/GUID-481C8EE3-A371-4D86-8BF4-BB5C18B8C7F9.html
# Example:
#	/opt/McAfee/ens/fw/bin/mfefwcli --fw-rule-add --name ALLOW_OUTBOUND --action allow --direction out --notes "Allow all outbound connections from ${HOSTNAME-scanner} per requirements for IDS functionality"

[Unit]
Description=Restore SELinux context on xtables.lock
After=mfefwd.service

[Service]
Type=oneshot
RemainAfterExit=false
ExecStart=/usr/sbin/restorecon /var/run/xtables.lock

[Install]
WantedBy=multi-user.target
	# /etc/systemd/system/restorecon-xtables-lock.service
	# Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1436904#c3
	# Author: James Edington <james.edington@uah.edu>

	# HOWEVER, IF YOU ARE READING THIS, you probably need to be
	# configuring the McAfee Firewall instead of interacting with iptables yourself:
	# https://docs.mcafee.com/bundle/endpoint-security-10.6.6-firewall-product-guide-linux/page/GUID-481C8EE3-A371-4D86-8BF4-BB5C18B8C7F9.html
	# Example:
	# /opt/McAfee/ens/fw/bin/mfefwcli --fw-rule-add --name ALLOW_OUTBOUND --action allow --direction out --notes "Allow all outbound connections from ${HOSTNAME-scanner} per requirements for IDS functionality"

	[Unit]
	Description=Restore SELinux context on xtables.lock
	After=mfefwd.service

	[Service]
	Type=oneshot
	RemainAfterExit=false
	ExecStart=/usr/sbin/restorecon /var/run/xtables.lock

	[Install]
	WantedBy=multi-user.target